EPSS Percentile: 35.4%
nodebb-plugin-blog-comments is vulnerable to cross-site request forgery (CSRF). The vulnerability exists due to the lack of an authentication token for POST requests to /comments/reply and /comments/publish in library.js.
github.com/psychobunny/nodebb-plugin-blog-comments/commit/cf43beedb05131937ef46f365ab0a0c6fa6ac618
github.com/psychobunny/nodebb-plugin-blog-comments/security/advisories/GHSA-43m5-c88r-cjvv
www.npmjs.com/package/nodebb-plugin-blog-comments